} //injected by IOC public object Get(LoginRequest LoginDetails) { DataModels.ResourceOwner owner = Session.Get <DataModels.ResourceOwner>("AuthResourceOwner"); if (owner != null) { Uri redirectURI = null; Uri current = new Uri(Request.AbsoluteUri); if (!Uri.TryCreate(LoginDetails.redirect, UriKind.RelativeOrAbsolute, out redirectURI) || (redirectURI.IsAbsoluteUri && current.Host != redirectURI.Host)) { LoginDetails.errors = new string[] { "Invalid Redirect URI", }; return(new HttpResult(LoginDetails) { StatusCode = System.Net.HttpStatusCode.BadRequest, StatusDescription = "Invalid Redirect URI", }); } else { return(new HttpResult(LoginDetails) { StatusCode = System.Net.HttpStatusCode.Redirect, Headers = { { HttpHeaders.Location, redirectURI.ToString() } }, }); } } return(LoginDetails); }
protected DataModels.Approval Approve(DataModels.Client Client, DataModels.ResourceOwner Owner, string Scope) { DataModels.Approval approval = ApprovalModel.GetApproval(Client, Owner); if (approval == null || TokenHelper.MissingScopesArray(Scope, approval.scope).Length != 0) { string apprUrl = Request.GetApplicationUrl(); if (!apprUrl.EndsWith("/")) { apprUrl += '/'; } UriBuilder bldr = new UriBuilder(apprUrl); bldr.Path += "approval"; string query = "client_id=" + Client.id + "&redirect=" + Request.AbsoluteUri.UrlEncode(); if (Scope != null) { query += "&scope=" + Scope.UrlEncode(); } bldr.Query = query; Response.AddHeader("Location", bldr.ToString()); Response.StatusCode = (int)System.Net.HttpStatusCode.Redirect; return(null); } return(approval); }
} //injected by IOC public T Authorize <T>(DataModels.ITokenRequest Request, OAuth2.DataModels.Client Client = null) where T : DataModels.Token, new() { var accounts = AccountModel.GetAccount(Request.username, Request.password); if (accounts == null || accounts.Count == 0) { throw TokenErrorUtility.CreateError(DataModels.ErrorCodes.invalid_request, "Invalid username or password", Request); } DataModels.ResourceOwner owner = new DataModels.ResourceOwner() { id = accounts[0].username, time = DateTime.UtcNow.Millisecond, attributes = accounts[0].ToDictonary(), }; ResourceOwnerModel.CreateOrUpdate(owner); T token = TokenModel.InsertToken <T>( TokenHelper.CreateAccessToken(), DataModels.TokenTypes.bearer, 3600, DateTime.UtcNow.GetTotalSeconds(), Client, TokenHelper.IntersectScopes(Request.scope, Client.allowed_scope), owner); if (token == null) { throw new OAuth2.DataModels.TokenRequestError(DataModels.ErrorCodes.server_error, "Unable to store access token"); } return(token); }
public object Get(ApprovalRequest ApprovalRequest) { Uri redirectURI = null; Uri current = new Uri(Request.AbsoluteUri); ApprovalData data = new ApprovalData(); if (!Uri.TryCreate(ApprovalRequest.redirect, UriKind.RelativeOrAbsolute, out redirectURI) || (redirectURI.IsAbsoluteUri && redirectURI.Host != current.Host)) { throw TokenErrorUtility.CreateError(DataModels.ErrorCodes.invalid_request, "Invalid Redirect URI", data); } data.Redirect = ApprovalRequest.redirect; DataModels.ResourceOwner user = Session.Get <DataModels.ResourceOwner>("AuthResourceOwner"); if (user == null) { UriBuilder bldr = new UriBuilder(Request.GetApplicationUrl()); bldr.Path += "/auth/login"; bldr.Query = "redirect=" + Request.AbsoluteUri.UrlEncode(); return(new HttpResult(data) { Headers = { { "Location", bldr.ToString() } }, StatusCode = System.Net.HttpStatusCode.Redirect, }); } data.User = user; DataModels.Client client = ClientModel.GetClientByID(ApprovalRequest.client_id); if (client == null) { throw TokenErrorUtility.CreateError(DataModels.ErrorCodes.invalid_request, "Invalid Client ID", data); } if (!string.IsNullOrWhiteSpace(client.owned_by)) { data.Owner = ResourceOwnerModel.GetByID(client.owned_by); } data.Client = client; string[] scopes = ApprovalRequest.scope == null ? new string[] {} : ApprovalRequest.scope.Split(new char[] { ' ', ';', ',' }, StringSplitOptions.RemoveEmptyEntries); List <DataModels.Scope> scopeDetails = ScopeModel.GetScopeDetails(scopes).ToList(); if (scopeDetails.Count != scopes.Length) { throw TokenErrorUtility.CreateError(DataModels.ErrorCodes.invalid_scope, "Invalid Scope(s) requested", data); } data.RequestedScopes = scopeDetails; return((IApprovalData)data); }
public static OAuth2.DataModels.ResourceOwner CreateOrUpdateFromAccountModel(this OAuth2.Server.Model.IResourceOwnerModel Model, AccountResponse Account) { OAuth2.DataModels.ResourceOwner owner = new DataModels.ResourceOwner() { id = Account.account_id.ToString(), time = DateTime.UtcNow.GetTotalSeconds(), attributes = Account.ToDictonary(), }; if (Model.CreateOrUpdate(owner)) { return(owner); } return(null); }
protected void HandleCodeGrant(ITokenRequest TokenRequest, DataModels.Client Client) { if (Client.type == DataModels.ClientTypes.user_agent_based_application || string.IsNullOrWhiteSpace(Client.secret)) { throw new DataModels.TokenRequestError(DataModels.ErrorCodes.unauthorized_client, "Only secure clients are supported for code grants"); } DataModels.ResourceOwner owner = Authenticate(); if (owner == null) { return; } DataModels.Approval approval = Approve(Client, owner, TokenRequest.scope); if (approval == null) { return; } DataModel.AuthorizationCode code = CodeGrantHanldler.Authorize(TokenRequest, approval, Client, owner); if (code == null) { throw new DataModels.TokenRequestError(DataModels.ErrorCodes.server_error, "Unknown server error"); } string redirect = GetRedirectURI(TokenRequest, Client); UriBuilder bldr = new UriBuilder(redirect); string queryParms = "code=" + code.authorization_code; if (!string.IsNullOrWhiteSpace(code.scope)) { queryParms += "&scope=" + code.scope.UrlEncode(); } if (TokenRequest.state != null) { queryParms += "&state=" + TokenRequest.state.UrlEncode(); } bldr.Query = queryParms; Response.StatusCode = (int)System.Net.HttpStatusCode.Redirect; Response.AddHeader("Location", bldr.ToString()); return; }
protected void HandleTokenGrant(ITokenRequest TokenRequest, DataModels.Client Client) { DataModels.ResourceOwner owner = Authenticate(); if (owner == null) { return; } DataModels.Approval approval = Approve(Client, owner, TokenRequest.scope); if (approval == null) { return; } DataModels.TokenResponse token = TokenGrantHandler.Authorize <DataModels.TokenResponse>(Client, owner, approval.scope); token.state = TokenRequest.state.UrlEncode(); string toRedirect = GetRedirectURI(TokenRequest, Client); if (toRedirect == null) { throw new DataModels.TokenRequestError(DataModels.ErrorCodes.invalid_request, "No Registerd Redirect URI"); } UriBuilder bldr = new UriBuilder(toRedirect); if (Client.type == DataModels.ClientTypes.web_application) { bldr.Query += token.ToURIString(); } else { if (!string.IsNullOrWhiteSpace(bldr.Fragment)) { bldr.Fragment = bldr.Fragment.SafeSubstring(1, bldr.Fragment.Length - 1) + '?' + token.ToURIString(); } else { bldr.Fragment = token.ToURIString(); } } Response.StatusCode = (int)System.Net.HttpStatusCode.Redirect; Response.AddHeader("Location", bldr.ToString()); return; }
public void RequestFilter(IHttpRequest req, IHttpResponse res, object requestDto) { string auth = req.Headers.Get("Authorization"); bool validUser = false; if (!string.IsNullOrWhiteSpace(auth)) { Match rawToken = MATCH_TOKEN.Match(auth); if (rawToken.Success && rawToken.Groups["token_type"].Success && rawToken.Groups["token"].Success) { DataModels.Token token = TokenModel.GetToken <DataModels.Token>(rawToken.Groups["token"].Value); req.Items.Add("auth:rawtoken", rawToken); if (SetToken) { req.Items.Add("auth:token", token); } if (SetClient) { req.Items.Add("auth:client", ClientModel.GetClientByID(token.client_id)); } if (!string.IsNullOrWhiteSpace(token.resource_owner_id) && SetUser) { DataModels.ResourceOwner owner = ResourceOwnerModel.GetByID(token.resource_owner_id); if (owner != null) { req.Items.Add("auth:user", owner); validUser = true; } } } } if (RequireValidUser && !validUser) { res.StatusCode = (int)System.Net.HttpStatusCode.Unauthorized; res.StatusDescription = "Valid bearer token required"; res.AddHeader("WWW-Authenticate", "OAuth2 realm=\"{0}\"".Fmt(req.GetApplicationUrl())); res.Close(); } }
protected DataModels.ResourceOwner Authenticate() { DataModels.ResourceOwner owner = Session.Get <DataModels.ResourceOwner>("AuthResourceOwner"); if (owner == null) { string apprUrl = Request.GetApplicationUrl(); if (!apprUrl.EndsWith("/")) { apprUrl += '/'; } UriBuilder bldr = new UriBuilder(apprUrl); bldr.Path += "auth/login"; bldr.Query = "redirect=" + Request.AbsoluteUri.UrlEncode(); Response.AddHeader("Location", bldr.ToString()); Response.StatusCode = (int)System.Net.HttpStatusCode.Redirect; return(null); } return(owner); }
public object Post(ApprovalResponse ApprovalResponse) { ApprovalData data = new ApprovalData(); data.User = Session.Get <DataModels.ResourceOwner>("AuthResourceOwner"); Request.Items.Add("Model", data); data.Redirect = ApprovalResponse.redirect; Uri referrerURI = Request.GetReferrerURI(); Uri current = new Uri(Request.AbsoluteUri); //CRSF protection if (!referrerURI.SchemeHostPathMatch(current)) { throw TokenErrorUtility.CreateError(DataModels.ErrorCodes.invalid_request, "Invalid Request", ApprovalResponse); } Uri redirectURI = null; if (!Uri.TryCreate(ApprovalResponse.redirect, UriKind.RelativeOrAbsolute, out redirectURI) || (redirectURI.IsAbsoluteUri && redirectURI.Host != current.Host)) { throw TokenErrorUtility.CreateError(DataModels.ErrorCodes.invalid_request, "Invalid Redirect URI", data); } data.Redirect = redirectURI.ToString(); DataModels.ResourceOwner owner = Session.Get <DataModels.ResourceOwner>("AuthResourceOwner"); if (owner == null) { throw TokenErrorUtility.CreateError(DataModels.ErrorCodes.access_denied, "Not Authenticated", data); } data.Owner = owner; DataModels.Client client = ClientModel.GetClientByID(ApprovalResponse.client_id); if (client == null) { throw TokenErrorUtility.CreateError(DataModels.ErrorCodes.invalid_request, "Invalid Client ID", data); } data.Client = client; List <DataModels.Scope> scopes = ScopeModel.GetScopeDetails(ApprovalResponse.approved_scopes).ToList(); string scope = ""; if (scopes != null) { scopes.ForEach((cur) => scope += cur.scope_name + " "); } data.RequestedScopes = scopes; DataModels.Approval approval = new DataModels.Approval() { client_id = client.id, resource_owner_id = owner.id, type = DataModels.ApprovalTypes.user_granted, scope = scope, }; if (!ApprovalModel.AddOrUpdateApproval(approval)) { throw TokenErrorUtility.CreateError(DataModels.ErrorCodes.server_error, "Error storing approval", data); } return(new HttpResult(data) { StatusCode = System.Net.HttpStatusCode.Redirect, Location = ApprovalResponse.redirect }); }
public Server.DataModel.AuthorizationCode InsertAuthorizationCode(string AuthorizationCode, DataModels.Client Client, DataModels.ResourceOwner ResourceOwner, long IssueTime, string Scope = "", string RedirectURI = null) { return(InsertAuthorizationCode(AuthorizationCode, Client.id, ResourceOwner.id, IssueTime, Scope, RedirectURI)); }
public Server.DataModel.AuthorizationCode InsertAuthorizationCode(string AuthorizationCode, DataModels.Client Client, DataModels.ResourceOwner ResourceOwner, long IssueTime, List <DataModels.Scope> Scope, Uri RedirectURI) { return(InsertAuthorizationCode(AuthorizationCode, Client, ResourceOwner, IssueTime, Scope, (RedirectURI != null) ? RedirectURI.ToString() : null)); }
public Server.DataModel.AuthorizationCode InsertAuthorizationCode(string AuthorizationCode, DataModels.Client Client, DataModels.ResourceOwner ResourceOwner, long IssueTime, List <DataModels.Scope> Scope, string RedirectURI) { string scope = ""; if (Scope != null) { foreach (DataModels.Scope scopeDesc in Scope) { scope += scopeDesc.scope_name + " "; } scope = scope.Trim(); } return(InsertAuthorizationCode(AuthorizationCode, Client, ResourceOwner, IssueTime, scope, RedirectURI)); }
public Server.DataModel.AuthorizationCode Authorize(DataModels.ITokenRequest Request, DataModels.Approval Approval, DataModels.Client Client, DataModels.ResourceOwner Owner) { Server.DataModel.AuthorizationCode code = AuthorizationCodeModel.InsertAuthorizationCode( Extension.TokenHelper.CreateAccessToken(), Client, Owner, DateTime.Now.GetTotalSeconds(), Approval.scope, Request.redirect_uri); if (code == null) { throw new DataModels.TokenRequestError(DataModels.ErrorCodes.server_error, "Error storing access code"); } if (string.IsNullOrWhiteSpace(Approval.refresh_token)) { Approval.refresh_token = Extension.TokenHelper.CreateAccessToken(); if (!ApprovalModel.AddOrUpdateApproval(Approval)) { AuthorizationCodeModel.DeleteAuthorizationCode(code.authorization_code, code.client_id, code.redirect_uri); throw new DataModels.TokenRequestError(DataModels.ErrorCodes.server_error, "Error updating approval"); } } return(code); }
public T InsertToken <T>(string AccessToken, DataModels.TokenTypes TokenType, long ExpiresIn, long IssuedTime, DataModels.Client Client, IEnumerable <DataModels.Scope> Scope, DataModels.ResourceOwner ResourceOwner = null, string RefreshToken = null) where T : DataModels.Token, new() { string scope = ""; if (Scope != null) { foreach (DataModels.Scope scopeDetails in Scope) { scope += scopeDetails.scope_name + " "; } scope = scope.Trim(); } return(InsertToken <T>(AccessToken, TokenType, ExpiresIn, IssuedTime, Client.id, scope, ResourceOwner.id, RefreshToken)); }
public T InsertToken <T>(string AccessToken, DataModels.TokenTypes TokenType, long ExpiresIn, long IssuedTime, DataModels.Client Client, string Scope = "", DataModels.ResourceOwner ResourceOwner = null, string RefreshToken = null) where T : DataModels.Token, new() { return(InsertToken <T>(AccessToken, TokenType, ExpiresIn, IssuedTime, Client.id, Scope, ResourceOwner.id, RefreshToken)); }